11 matches found
HyperView Geoportal Toolkit Security Vulnerability
HyperView Geoportal Toolkit is a browser-based map application from HyperView, Inc. A security vulnerability exists in HyperView Geoportal Toolkit version 8.2.4 and prior versions, which arises from an unrestricted cross-domain request for remote content pointed to by a GET request parameter,...
GHSA-9PHH-R37V-34WH lakeFS vulnerable to Arbitrary JavaScript Injection via Direct Link to HTML Files
Impact: The browser renders the resulting HTML when opening a direct link to an HTML file via lakeFS. Any JavaScript within that page is executed within the context of the domain lakeFS is running in. An attacker can inject a malicious script inline, download resources from another domain, or make...
Cross-Domain Request Through Insecure JSONP Defaults
spring-webmvc is vulnerable to cross-domain requests. The vulnerability exists as JSONP is enabled through the jsonp and callback JSONP parameters in MappingJackson2JsonView by default...
Paragon Initiative Enterprises: Cross-domain AJAX request
Hi Paragonie Team, While reviewing your website I discovered that there are cross-domain AJAX requests being sent. Though you are implementing the Content-Security-Policy header, Internet Explorer uses the experimental X-Content-Security-Policy header according to Wikipedia info...
SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 6879)
This update of acroread fixes: - Cross-domain request vulnerability CVE-2010-0188: CVSS v2 Base Score: 6.8 An unspecified vulnerability that possibly allowed remote code execution. CVE-2010-0186: CVSS v2 Base Score: 5.8 (C) Tenable Network Security, Inc. The text description of...
SuSE 10 Security Update : flash-player (ZYPP Patch Number 6844)
The following bug has been fixed: Insufficient checks in flash-player allowed malicious flash applets to create illegal cross-domain requests CVE-2010-0186. The update also fixes a denial of service condition. CVE-2010-0187 (C) Tenable Network Security, Inc. The text description...
SuSE 11 Security Update : Acrobat Reader (SAT Patch Number 2065)
This update of acroread fixes: - Cross-domain request vulnerability. CVE-2010-0186: CVSS v2 Base Score: 5.8 - An unspecified vulnerability that possibly allowed remote code execution. CVE-2010-0188: CVSS v2 Base Score: 6.8 (C) Tenable Network Security, Inc. The descriptive te...
SuSE 11 Security Update : flash-player (SAT Patch Number 1977)
The following bug has been fixed: Insufficient checks in flash-player allowed malicious flash applets to create illegal cross-domain requests CVE-2010-0186. The update also fixes a denial of service condition. CVE-2010-0187 (C) Tenable Network Security, Inc. The descriptive tex...
openSUSE Security Update : flash-player (flash-player-1970)
Insufficient checks in flash-player allowed malicious flash applets to create illegal cross-domain requests CVE-2010-0186. The update also fixes a denial of service condition CVE-2010-0187. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin...
Important: Red Hat Security Advisory: flash-plugin security update
An updated Adobe Flash Player package that fixes two security issues is now available for Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having important security impact by the Red Hat Security Response Team. The flash-plugin package contains a Mozilla Firefox compatible...
Vulnerability in multiple web browsers allowing request spoofing attacks
Overview: Multiple web browsers contain a vulnerability in the processing of XmlHttpRequest objects. XmlHttpRequest objects available in JavaScript provide a function to communicate with a server without reloading a web page. In general, JavaScript only allows communication within the same domain ...